2019-05-25 20:40:06 +00:00
|
|
|
#--depends-on commands
|
|
|
|
|
2019-06-28 22:16:05 +00:00
|
|
|
import re, socket, typing
|
2018-10-04 09:18:44 +00:00
|
|
|
from src import ModuleManager, utils
|
2019-06-25 13:32:51 +00:00
|
|
|
import dns.resolver
|
2018-10-04 09:18:44 +00:00
|
|
|
|
|
|
|
URL_GEOIP = "http://ip-api.com/json/%s"
|
2018-11-15 15:41:55 +00:00
|
|
|
REGEX_IPv6 = r"(?:(?:[a-f0-9]{1,4}:){2,}|[a-f0-9:]*::)[a-f0-9:]*"
|
|
|
|
REGEX_IPv4 = r"(?:\d{1,3}\.){3}\d{1,3}"
|
2019-06-03 15:49:25 +00:00
|
|
|
REGEX_IP = re.compile("(%s)|(%s)" % (REGEX_IPv4, REGEX_IPv6), re.I)
|
2018-10-04 09:18:44 +00:00
|
|
|
|
2019-06-28 22:16:05 +00:00
|
|
|
class DnsSetting(utils.Setting):
|
|
|
|
def parse(self, value: str) -> typing.Any:
|
|
|
|
if utils.is_ip(value):
|
|
|
|
return value
|
|
|
|
return None
|
2019-06-25 13:32:51 +00:00
|
|
|
|
2019-06-28 22:16:05 +00:00
|
|
|
@utils.export("serverset", DnsSetting("dns-nameserver",
|
|
|
|
"Set DNS nameserver", example="8.8.8.8"))
|
2018-10-04 09:18:44 +00:00
|
|
|
class Module(ModuleManager.BaseModule):
|
|
|
|
@utils.hook("received.command.dns", min_args=1)
|
|
|
|
def dns(self, event):
|
|
|
|
"""
|
|
|
|
:help: Get all addresses for a given hostname (IPv4/IPv6)
|
2019-06-25 13:32:51 +00:00
|
|
|
:usage: <hostname> [type [type ...]]
|
2018-10-04 10:04:24 +00:00
|
|
|
:prefix: DNS
|
2018-10-04 09:18:44 +00:00
|
|
|
"""
|
2019-07-16 15:52:41 +00:00
|
|
|
args = event["args_split"][:]
|
2019-06-25 13:32:51 +00:00
|
|
|
nameserver = event["server"].get_setting("dns-nameserver", None)
|
2019-07-16 15:52:41 +00:00
|
|
|
for i, arg in enumerate(args):
|
|
|
|
if arg[0] == "@":
|
|
|
|
nameserver = args.pop(i)[1:]
|
|
|
|
break
|
2019-06-25 13:32:51 +00:00
|
|
|
|
2019-07-16 15:52:41 +00:00
|
|
|
hostname = args[0]
|
2019-06-25 13:50:30 +00:00
|
|
|
|
2019-07-16 15:52:41 +00:00
|
|
|
record_types = args[1:]
|
2019-06-25 13:50:30 +00:00
|
|
|
if not record_types:
|
|
|
|
record_types = ["A?", "AAAA?"]
|
2019-06-25 13:32:51 +00:00
|
|
|
|
|
|
|
if not nameserver == None:
|
|
|
|
resolver = dns.resolver.Resolver(configure=False)
|
|
|
|
resolver.nameservers = [nameserver]
|
|
|
|
else:
|
|
|
|
resolver = dns.resolver
|
|
|
|
|
|
|
|
results = []
|
2018-10-16 14:09:58 +00:00
|
|
|
|
2019-06-25 13:32:51 +00:00
|
|
|
for record_type in record_types:
|
2019-08-02 16:42:57 +00:00
|
|
|
record_type_strip = record_type.rstrip("?").upper()
|
2019-06-25 13:32:51 +00:00
|
|
|
try:
|
2019-07-16 15:58:40 +00:00
|
|
|
query_result = resolver.query(hostname, record_type_strip,
|
|
|
|
lifetime=4)
|
2019-06-25 13:32:51 +00:00
|
|
|
query_results = [q.to_text() for q in query_result]
|
|
|
|
results.append([record_type_strip, query_results])
|
|
|
|
except dns.resolver.NXDOMAIN:
|
|
|
|
raise utils.EventError("Domain not found")
|
|
|
|
except dns.resolver.NoAnswer:
|
|
|
|
if not record_type.endswith("?"):
|
|
|
|
raise utils.EventError("Domain does not have a '%s' record"
|
2019-06-25 13:57:03 +00:00
|
|
|
% record_type_strip)
|
|
|
|
except dns.rdatatype.UnknownRdatatype:
|
|
|
|
raise utils.EventError("Unknown record type '%s'"
|
|
|
|
% record_type_strip)
|
2019-07-09 11:18:34 +00:00
|
|
|
except dns.exception.DNSException:
|
|
|
|
message = "Failed to get DNS records"
|
|
|
|
self.log.warn(message, exc_info=True)
|
|
|
|
raise utils.EventError(message)
|
2018-10-04 09:18:44 +00:00
|
|
|
|
2019-06-25 13:32:51 +00:00
|
|
|
results_str = ["%s: %s" % (t, ", ".join(r)) for t, r in results]
|
|
|
|
event["stdout"].write("(%s) %s" % (hostname, " | ".join(results_str)))
|
2018-10-04 09:18:44 +00:00
|
|
|
|
|
|
|
@utils.hook("received.command.geoip", min_args=1)
|
|
|
|
def geoip(self, event):
|
|
|
|
"""
|
|
|
|
:help: Get geoip data on a given IPv4/IPv6 address
|
|
|
|
:usage: <IP>
|
2018-10-04 10:04:24 +00:00
|
|
|
:prefix: GeoIP
|
2018-10-04 09:18:44 +00:00
|
|
|
"""
|
2018-12-11 22:26:38 +00:00
|
|
|
page = utils.http.request(URL_GEOIP % event["args_split"][0],
|
2018-10-04 09:18:44 +00:00
|
|
|
json=True)
|
|
|
|
if page:
|
2018-12-11 22:26:38 +00:00
|
|
|
if page.data["status"] == "success":
|
|
|
|
data = page.data["query"]
|
|
|
|
data += " | Organisation: %s" % page.data["org"]
|
|
|
|
data += " | City: %s" % page.data["city"]
|
|
|
|
data += " | Region: %s (%s)" % (page.data["regionName"],
|
|
|
|
page.data["countryCode"])
|
|
|
|
data += " | ISP: %s" % page.data["isp"]
|
|
|
|
data += " | Lon/Lat: %s/%s" % (page.data["lon"],
|
|
|
|
page.data["lat"])
|
|
|
|
data += " | Timezone: %s" % page.data["timezone"]
|
2018-10-04 09:18:44 +00:00
|
|
|
event["stdout"].write(data)
|
|
|
|
else:
|
|
|
|
event["stderr"].write("No geoip data found")
|
|
|
|
else:
|
2018-10-20 19:51:29 +00:00
|
|
|
raise utils.EventsResultsError()
|
2018-10-04 09:18:44 +00:00
|
|
|
|
2018-10-04 11:15:15 +00:00
|
|
|
@utils.hook("received.command.rdns")
|
2018-10-04 09:18:44 +00:00
|
|
|
def rdns(self, event):
|
|
|
|
"""
|
|
|
|
:help: Do a reverse-DNS look up on an IPv4/IPv6 address
|
|
|
|
:usage: <IP>
|
2018-10-04 10:04:24 +00:00
|
|
|
:prefix: rDNS
|
2018-10-04 09:18:44 +00:00
|
|
|
"""
|
2018-10-04 11:15:15 +00:00
|
|
|
ip = event["args_split"][0] if event["args"] else ""
|
|
|
|
if not ip:
|
|
|
|
line = event["target"].buffer.find(REGEX_IP)
|
|
|
|
if line:
|
|
|
|
match = REGEX_IP.search(line.message)
|
|
|
|
ip = match.group(1) or match.group(2)
|
|
|
|
if not ip:
|
2018-10-16 14:09:58 +00:00
|
|
|
raise utils.EventError("No IP provided")
|
2018-10-04 11:15:15 +00:00
|
|
|
|
2018-10-04 09:18:44 +00:00
|
|
|
try:
|
2018-10-04 11:15:15 +00:00
|
|
|
hostname, alias, ips = socket.gethostbyaddr(ip)
|
2018-10-04 09:29:22 +00:00
|
|
|
except (socket.herror, socket.gaierror) as e:
|
2018-10-16 14:09:58 +00:00
|
|
|
raise utils.EventError(e.strerror)
|
2018-10-04 12:19:59 +00:00
|
|
|
event["stdout"].write("(%s) %s" % (ips[0], hostname))
|